PkgRadar

Go modules · proxy.golang.org

github.com/operator-framework/operator-marketplace

Shell Credential File Read

Why PkgRadar flagged v0.0.0-20260625071719-a8006e26248b

SeveritySignalEvidence
highShell Credential File Readgithub.com/operator-framework/[email protected]/pkg/filemonitor/cert_updater.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.0.0-20260625071719-a8006e26248bHigh risk452026-06-26
v0.0.0-20260618073353-cd20b29b9ce5Low risk02026-06-19
v0.0.0-20260615123109-88067e3afa03Low risk02026-06-16
v0.0.0-20260608134118-97c9ba7446d6Low risk02026-06-09
v0.0.0-20190212161948-a7ca81b96ad9Low risk02026-06-09
v0.0.0-20260605182418-03428ca0b088Low risk02026-06-06
v0.0.0-20260603151950-a9bf39e8966fLow risk02026-06-04
v0.0.0-20260601090408-b1550d6b517bLow risk02026-06-02
v0.0.0-20190324212150-e274d6b40505Low risk02026-05-31

Block this in CI

PkgRadar gates github.com/operator-framework/operator-marketplace (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/operator-framework/[email protected]
Start free — 25 scans / moView full evidence
github.com/operator-framework/operator-marketplace — Go modules security scan | PkgRadar